Tag: cybersecurity

The details are continuing to emerge – and get worse – about the hack of British Airways. In September it was revealed that for over two weeks, hackers stole over 385,000 customer data records which included full name and address info and complete credit card data including CCV numbers (for 77,000 of the users) from the BA website and Mobile app.

A follow up notice published by BA’s parent International Airlines Group, on Thursday last week admitted that passengers who made bookings between April and July using rewards points were also snooped on by the cybercriminals.

What’s the takeaway? As usual, we recommend that it’s important to have Dark Web monitoring in place for your entire organization so that you can watch for these stolen credentials to appear for sale. Personal monitoring is also important so make sure you’re using a reputable product like our Spotlight ID.

And if you’ve flown British Airways recently make sure you change those account credentials, get a replacement for whatever card you used for reservations, and if you used the same credentials at any other site, make sure you change all those passwords, too.

Like this:

California governor Jerry Brown recently signed a bill into law called the ‘Security of Connected Devices,’ or SB-327. Starting in 2020, the new law requires any California manufacturer of Internet-connected devices to equip every new device with a unique password or have a setup procedure that requires users to change the default password as part of the setup procedure.

The law is an effort to address a geometrically growing problem – customers that simply take their latest Internet-of-Things device, plug it in or connect it to their wifi, and then forget about it leaving default and hard-coded service passwords in place. This is how automated malware like NotPetya and WannaCrypt recently wreaked havoc around the world.

Like many government initiatives, there are good intentions but while the new law may provide some help it unfortunately misses the much larger problem; failure to update software. There are many ways to access an IoT device and a username/password is just one of them.

New security holes are discovered all the time and they usually take advantage of elements of the device whose operation is invisible to users.

It’s hard enough for Apple and Microsoft to get users to update their main computer systems, so imagine the difficulty in getting users to update a smart light bulb socket, a security camera, or a smart refrigerator? Or how about hundreds or thousands of devices in a home or business?

So what’s the takeaway? First, don’t rely on manufacturers to supply perfect products or products that update themselves. In fact, many self-updates create more problems than they fix (hey – some of this stuff is complicated!). And don’t look for a government magic wand to solve the problem. The new California law makes nice press and allows legislators to claim that they ‘did something about the problem,’ but understand that you have to take responsibility for what you connect to your network.

Especially at work, be extra careful. In addition to thinking twice about whether you really need that IoT device, we recommend deploying a system like our Ransomware Guardian that can restrict unknown and rogue IoT devices from functioning on your network.

Over the weekend a massive IOT attack on unpatched Netgear DGN series routers was observed so if you have one or more of these devices and you haven’t updated it recently, you need to act ASAP.

The attacks have been primarily observed in the United States and India but has been reported in 75 other countries, too.

The attacks are completely automated and scan the Internet for the devices and if found, exploit a vulnerability to take over control of the routers and use them as Bots or as Crypto Coin Mining Zombies.

Netgear has released firmware updates that fix the vulnerability for all affected products but user action is required to apply the fixes. Specifically, you need to upgrade the Netgear software to DGN1000 1.1.00.48 / DGN2200 v3 or higher. Updates are available at the Netgear download center.

Need a hand with network security? Give us a call at 978.921.0990 or visit us on the web.

Like this:

As I’ve mentioned before, hacking is big business. Whether to steal intellectual property, extort companies for a ransom, infecting systems to be used for spam or covert mining, or just outright stealing of cash, cybercriminals want what you’ve got.

Here at MicroData we manage many systems and I wanted to share some specs on a server we manage that readers may find interesting. The server in question hosts websites and in addition to the usual security measures we put into place on any Internet-facing server, we also install software that monitors login attempts and if too many failed attempts are made within a given time period, the IP address trying to login gets blocked. The address – and its general geographic location – also gets logged.

So over the past 30 days, here’s the Top-5 list of countries where those hack attempts originated:

China (792)

USA (766)

Brazil (480)

India (355)

Russian Federation (205)

Seeing China and Russia on the list probably doesn’t surprise anyone, but having almost as many hack attempts from within the U.S. as from China usually does cause an eyebrow to rise. And most people are surprised that Brazil and India are so active in trying to access systems. They are almost never mentioned in popular press.

There are a couple of takeaways.

First, understand that these are automated attempts. It’s not personal so don’t think about it in that way. There is no human sitting at a keyboard trying different password combinations. The defenses your organization needs to have in place must protect against continuous, 24×7 attempts to get at your systems, data, and users.

Second, you need to be extra concerned if any of your user’s credentials are on the Dark Web where they can be simply purchased. Hackers and their automated systems will endlessly try those credentials and thousands of variations. So a password change from ‘lollipop1’ to ‘lollipop2’ is almost useless – but it’s still what most users do. This is why even if hackers get an old password, they will be often successful in gaining access to a network or system.

Make sure you have a Dark Web monitoring solution in place like MicroData’s Dark Web Guardian. We now offer a small business package for organizations with up to 15 users for just $49.

Like this:

If you’ve been following the saga this year of vulnerabilities discovered in CPUs used in most computers and smart devices, then you recognize the term ‘Meltdown’. It was coined to identify one of the vulnerabilities attributed to design flaws internal to many popular microprocessors. Now we can add a wildly popular smartphone to the list of affected devices – the Samsung Galaxy S7.

In a story from Reuters, it’s now been determined that the microprocessor used in the tens of millions of S7s sold worldwide also contains the Meltdown vulnerability and therefore can expose user data or trick applications into revealing confidential information.

Samsung said it introduced patches in January and July to protect S7 phones against Meltdown.

Is it a safe guess that other smartphones may also have the same problem? It’s not yet known but in the meantime make sure you keep your phone up to date – just in case.

Like this:

Unfortunately, most people that say this have little basis for the belief. The reality is that without monitoring it’s almost certain that some of your employees credentials are available for sale – or for free – out on the Dark Web and you’ll not know it. In 2017 we found 92% of organizations tested had compromises.

Here’s an example. I recently ran a quick scan on our local school system. I stopped the report after the first 190 compromises were found. And the report showed concerning details like failure to have implemented a complex password policy, setting a reasonable password depth, exposed Personally Identifiable Information (PII), etc.

Having the best firewalls and monitoring solutions in the world are useless if a cybercriminal has someone’s account info and password and just logs in.

I’m offering to help you find out at no cost or obligation. Visit this link and fill in your information and we’ll run a Dark Web scan for your domain at no cost and with no obligation. We’ll even give you a copy of our MicroData Dark Web Scan Action Guide that provides detailed recommendations on what to do if compromises are found.

Like this:

A recent poll by Broadband Genie, a UK Internet Service provider (ISP), found that the vast majority of users – including some small businesses – have never changed the default administrator password on their router, thereby leaving themselves wide open for all sorts of cybercrime mayhem.

The survey also found that 52% had never changed the network name, updated the firmware, or checked to see what devices are on their network.

And 48% said they didn’t understand why they would need to make these changes.

If your small business is simply using the router/modem supplied by your ISP (not a good idea), make sure you get these items taken care of ASAP. And regularly review your router’s logs for suspicious activity. And if you don’t know how or why, contact us for some help.

Like this:

If you’re looking for good examples of safe cyber security policy, take note of IBM’s recent actions.

In an advisory to employees, IBM Global Chief Information Security Office Shamla Naidoo said that the company is “expanding the practice of prohibiting data transfer to all removable portable storage devices.” This will include USB, SD cards, flash drives, etc.

Why are they taking this step? According to Naidoo, “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised.” Or in other words, it’s just not worth the risk.

IBM will have employees use it’s own synchronization application service for moving data around.

The takeaway for your business? Only let your employees use approved removable storage devices that are trackable and managed, and don’t permit use of non-secure and unmanageable Cloud storage services.

Every MicroData Managed Service Plan includes our exclusive Ransomware Guardian™ – a suite of cybersecurity tools with functionality that includes limiting and managing removable storage and restricting the use of Cloud-based file sharing services. And our SecureCloud Sync service provides Cloud-based file sharing but without the risks inherent in consumer-grade solutions like DropBox™ or OneDrive™.

Like this:

In our October 2017 MicroOutlook, I wrote about the risks of the Internet of Things (IoT) and the accompanying management challenges to keep your organization safe. Here’s a fresh example.

This week news came out about an unexpected side effect of many popular Strava-enabled fitness trackers. These devices interface to your smartphone and compile activity data and give you all sorts of reporting. Sounds good, right? Except the latest version includes a heat map which gets uploaded to the manufacturer who makes it available on the Internet. And it shows the aggregated routes of all its users. Social media users quickly realized that this info could be used to figure out where Western military camps in the Middle East are located. Fitness conscious soldiers jogging about the bases’ perimeters were building up nice neat traces on the heat maps over time.

Remember, IoT presents many security challenges. You can’t simply say ‘It’s just a temperature sensor’ or ‘it’s just a fitness tracker’. Any device that gathers data and connects to either the Internet or a network has to be scrutinized before it’s deployed. And you have to monitor your network to make sure employees aren’t bringing in their own devices and attaching them to computers or data jacks.

If your organization needs help with managing IoT or security, contact us for assistance.